These days, malware is an everyday concern, even among ordinary end users. An enormous amount of money is lost to malware worldwide every year, possibly in the hundreds of billions, but the figure is difficult to quantify accurately.

The losses range from lost hours of office productivity, to financial malware like what hit Target, to hardware that needs to be replaced due to infected firmware.

What might amaze you is that malware has existed since at least 1971, and has been theorized as early as 1949. For the record, Microsoft didn’t exist until 1975.

And it all started so innocently…

“Self-Reproducing Automata”

John Von Neumann was a revolutionary Hungarian-born mathematician who immigrated to the United States in 1933.

In 1948, Von Neumann started to talk about “cellular automata,” a complex mathematical model for elementary biological functions. By 1949, those ideas evolved into his series of lectures on “self-reproducing automata,” given at the University of Illinois. Arthur W. Burks compiled those 1949 lectures into a paper that was first published in 1966. Von Neumann’s theories were astoundingly ahead of his time. His “cellular automata” ideas applied to microbes, such as biological viruses. From there, partly based on his experience with ENIAC, he imagined “self-reproducing automata” that could be an entity of those brand new “computing machines.”

“Anybody who looks at living organisms knows perfectly well that they can produce other organisms like themselves. This is their normal function, they wouldn’t exist if they didn’t do this… The other line of argument… arises from looking at artificial automata… Appealing to the organic, living world does not help us greatly, because we do not understand well enough about how natural organisms function. We will stick to automata which we know completely because we made them… It is possible in this domain to describe automata which can reproduce themselves.”

“I’m the Creeper. Catch me if you can!”

Computers made by Digital Equipment Corporation played a crucial role in how computing evolved from the 1950s to the 1970s. MIT (the Massachusetts Institute of Technology) got their first PDP series computers in the 1950s. Timesharing programs had to be used so that MIT’s very first computer science students and professors could experiment with them. Some of the earliest breakthroughs in computer programming started there, back when it was done with punch cards.

Elsewhere in Cambridge, Massachusetts, in 1971, Bob Thomas was a computer programmer. He worked on a timesharing program called TENEX, which ran on a PDP-10.

Thomas wanted to see if a self-replicating program could be written. His machine was connected to ARPAnet, the very first packet-switched network, which was the father of the Internet. His program was called Creeper.

In Thomas’ words, he was disappointed because it “didn’t install multiple instances of itself on several targets.” But Creeper spread through ARPAnet, nonetheless. Affected machines would print at the command line, “I’m the Creeper. Catch me if you can!” So the string was displayed on ARPAnet-connected computers, even if the program didn’t reproduce. Many computer scientists consider Creeper to be the very first computer virus.

In fact, it wasn’t long until the very first antivirus program was created, specifically to remove Creeper… It was called Reaper.

In 1978, John Shock and Jon Hepps worked at the Xerox Palo Alto Research Center. I couldn’t verify whether or not they’ve read Brunner’s novel. It’s likely that they did, though, because they wrote what many consider to be the very first computer worm.

They wrote five different versions, all designed to improve computer efficiency by exploring a network to find underused processors. But a bug in their programs caused computers to crash. Oops!

Brain

In 1986 in Pakistan, Basit Farooq Alvi and his brother Amjad Farooq Alvi were computer programmers.

Some computer scientists consider their program, Brain, to be the very first computer virus, because Thomas’ Creeper didn’t self-replicate.

Brain was an innocent experiment and nothing more. It spread via 5 1/4 inch floppies only, targeting the boot sector in PC-DOS and IBM-DOS based machines. Like Shock and Hepps’ worm, the Alvi brothers wrote different versions of Brain.

Brain was relatively benign, because it basically just contained the code to self-replicate and copyrighted messages such as these:

Welcome to the Dungeon
(c) 1986 Brain & Amjads (pvt) Ltd.
VIRUS_SHOE RECORD v9.0
Dedicated to the dynamic memories
of millions of virus who are no longer with us today –
Thanks GOODNESS!! BEWARE OF THE er..VIRUS :This program is catching
program follows after these messeges….. $#@%$@!!

It seemed that the different versions of Brain really didn’t get people’s attention until 1988.

Morris’ Worm

Robert Morris was a doctoral student at Cornell University. On November 2nd, 1988, his worm was released. As with Creeper versus Brain, some computer scientists consider Morris’ program, rather than Shock and Hepps’ from a decade prior, to be the first worm.

But as with the other programs I’ve mentioned, the intent was experimental, not malicious. What was novel about Morris’ worm is that it spread through the modern Internet, as it existed in the late 1980s.

But like Shock and Hepps’ worm, a bug in Morris’ worm caused it to behave in a harmful way not intended by its creator.

Five days later, on November 7th, Bob Page of the University of Lowell wrote:

“Here’s the scoop on the ‘Internet Worm.’ Actually it’s not a virus – a virus is a piece of code that adds itself to other programs, including operating systems. It cannot run independently, but rather requires that its ‘host’ program be run to activate it. As such, it has a clear analog to biologic viruses — those viruses are not considered live, but they invade host cells and take them over, making them produce new viruses.

A worm is a program that can run by itself and can propagate a fully working version of itself to other machines. As such, what was loosed on the Internet was clearly a worm.”

Page was likely the first computer scientist to properly describe the difference between a worm and a virus.

Within 24 hours of the Internet debut of Morris’ worm, it infected approximately 5,000 computers. The United States General Accounting Office estimated that between $100,000 and $10,000,000 worth of productivity was lost, due to computers being unable to access the Internet.

The earliest viruses and worms were simply experiments with unintended consequences. But by the 1990s, personal computing exploded. Soon, nearly all offices and a large percentage of households had PCs. That coincided with the first true malware, programs with actual malicious intent. That was concurrent with personal computers and the Internet becoming a part of the everyday lives of ordinary people. I’ll explore that in my next article. Stay tuned!

References

Theory of Self-Replicating Automata
John Von Neumann, compiled by Arthur W. Burks
University of Illinois Press

3 responses to “A History of Malware: Part One, 1949-1988”

Interesting read.
You should also have a look at the 1987 “Christmas Tree” mass-mailing worm. It was not malicious per se (it printed an ASCII Christmas card on a terminal), but the program paralysed various networks. This was a pretty big thing back in 1987/88!

http://virus.wikia.com/wiki/Christmas_tree states:
“The first known infection of Christmas Tree was reported in 1987 on December 9th. Christmas Tree made it onto the EARNet (European Academic Research Network), and from there to BITNET and finally spread to IBM’s VNet electronic mail network by December 15th. On Bitnet, it was contained and mostly destroyed by December 14. IBM’s VNet was paralysed on 1987.12.17 and brought to a standstill two days later, only getting rid of the worm by shutting down the network. All of the networks it spread on experienced some disruption.
In 1990, Christmas Tree resurfaced after being posted to Usenet. IBM was forced to shut down its 350,000-terminal network in order to disinfect the network.”
